• GoDaddy Community
  • VPS & Dedicated Servers
  • VPS & Dedicated Servers

    cancel
    Showing results for 
    Show  only  | Search instead for 
    Did you mean: 
    Go to solution
    New

    listening ports on VPS

    Hi,

    I have just started to configure my VPS server. There are a number of ports already listening on the publicly available interface. The ones I don't understand are:

     

    45898, 39690, 45965, 2223, 2224 and 33695 

     

    a) Are they really needed? I don't need or use control panel and view these as a security risk at least until explained. 

     

    b) If they are not needed and can be removed, how can I do so safely?

    c) If they can't be removed how can I be sure that they are not a risk?

     

    thanks

    1 ACCEPTED SOLUTION
    Employee

    Hi @JMZ ,

     

    Ports 2223 and 2224 are needed for the vps UI dashboard.  These services listen for requests from the UI dashboard and run those operations locally on the vm.  For example, displaying vm usage stats in the dashboard requires the service to listen for a request on 2223 and then locally inspect vm resource usage and return it to the UI.  If you don't rely or need the UI, then you can stop and disable these services.

     

    I cannot speak to the other ports, but the linux command netstat is useful for determining which services are listening on specific ports.  Then you can stop and disable those services.  Another option is running a software firewall like iptables or firewalld to open traffic for specific ports or services.

    View solution in original post

    3 REPLIES 3
    Employee

    Hi @JMZ ,

     

    Ports 2223 and 2224 are needed for the vps UI dashboard.  These services listen for requests from the UI dashboard and run those operations locally on the vm.  For example, displaying vm usage stats in the dashboard requires the service to listen for a request on 2223 and then locally inspect vm resource usage and return it to the UI.  If you don't rely or need the UI, then you can stop and disable these services.

     

    I cannot speak to the other ports, but the linux command netstat is useful for determining which services are listening on specific ports.  Then you can stop and disable those services.  Another option is running a software firewall like iptables or firewalld to open traffic for specific ports or services.

    View solution in original post

    Thanks @scottj 

     

    I looked into this and there are a few services like:

     

    thespian-director.service

    nydus-ex-api.service

    nydus-ex.service

     

    which seem to be related (by name) to the processes on the ports. I will disable these. I just hope that they are not dependencies of other capabilities which would be lost if I was to disable them.

     

    I would be good to know for sure. 

    Hi @JMZ 


    Something else to be aware of is that a restore from a snapshot will never work if your snapshot has these services disabled.  The local service listens for the IP address to configure on the box and if the services are disabled then the IP address will fail to be setup and the restore process will fail.